Security News > 2021 > September

Commvault announces ransomware services to help businesses tackle growing cyber threats. The Commvault Ransomware Response Service provides the expertise and resources to help recover from an attack.

Last year's sudden transition has created numerous cybersecurity challenges for businesses as they attempt to adjust to this new way of working. Some of the new security challenges - both for employees and employers - include BYOD policies, sharing the same network with relatives or roommates, using the same devices for work and personal activities, VPN security issues and, of course, working from home with more distractions in our personal lives.

The growing number of ransomware attacks has burdened many oganizations, but it has also greatly impacted the cyber insurance industry, which found itself having to cover large ransomware demands. This called for a chenge in policies but also the need to enhance cyber insurance with cybersecurity knowlege.

Worse, the fact that stable releases of CentOS were discontinued in exchange for the rolling-release CentOS Stream means that to secure their workloads most CentOS 8 users have to opt for an entirely different Linux distribution, with just a year to choose, evaluate and implement an alternative. CentOS is not dead. Red Hat will continue to release new versions of CentOS through CentOS Stream, but it is a rolling release: updates can come at any time, and it will inevitably mean that CentOS Stream is quickly out of sync with the most recent RHEL release.

The report finds a growing interest in using the IoT in several ways, such as improving the efficiency of the supply chain, running shop floor equipment, and powering autonomous vehicles. "Most large enterprises, having chosen their IoT platforms by now, are interested in scaling their IoT initiatives globally."

33% of emails employees report as phishing attempts are either malicious or highly suspect, according to new research. The finding comes from an analysis of emails reported by employees from organizations across the globe during the first half of 2021, and highlights the efficacy of employee-led efforts in preventing cyberattacks.

A mix of banking applications, cryptocurrency wallets, and shopping apps from the U.S. and Spain are the target of a newly discovered Android trojan that could enable attackers to siphon personally identifiable information from infected devices, including banking credentials and open the door for on-device fraud. Dubbed S.O.V.A., the current version of the banking malware comes with myriad features to steal credentials and session cookies through web overlay attacks, log keystrokes, hide notifications, and manipulate the clipboard to insert modified cryptocurrency wallet addresses, with future plans to incorporate on-device fraud through VNC, carry out DDoS attacks, deploy ransomware, and even intercept two-factor authentication codes.

Major factors driving the growth of the SIEM market. The rise in concerns over IT security is expected to boost the SIEM market.

On Wednesday, BleepingComputer reported that it's been in touch with a threat actor who leaked a list of nearly half a million Fortinet VPN credentials, allegedly scraped from exploitable devices last summer. The news outlet has analyzed the file and reported that it contains VPN credentials for 498,908 users over 12,856 devices.

McDonald's UK Monopoly VIP game kicked off at the end of August, and a recent round of emails sent to winners of the game's various prizes included more than a coupon for free fries. The franchise accidentally inserted passwords for a McDonald's server that hosted information tied to the UK Monopoly VIP game.